Banks should ensure adequate investments in technology to address risks, Reserve Bank of India (RBI) deputy governor M K Jain has said while addressing a gathering at the Centre for Advanced Financial Research and Learning.
The boards of banks must start looking at cyber security as an enterprise-wide risk management issue rather than a pure IT security concern due to its firm-wide implications, Jain said. The comments assume significance in the backdrop of rising instances of cyber frauds and also frequent technical glitches that plague netbanking services.
To combat rising cyber risks, the central bank has mandated awareness training programmes for boards of directors and senior leadership teams to familiarise them with IT and cybersecurity concepts, Jain said. In its oversight role, the board needs to oversee the cybersecurity management, including appropriate risk mitigation strategies, systems, processes, and controls, he said.
The board must also examine if the institution has appropriate skills, resources, and approaches to minimise the cyber risk and mitigate any damages, Jain said.
In recent years, the RBI has come down hard on banks for IT system lapses. In December 2020, it banned country’s largest private lender HDFC Bank from onboarding new customers and launching new digital products following repeated outages. The ban was lifted earlier this month.
Recently, the RBI barred Paytm payments bank, too, from taking on new customers while ordering an IT audit. Jain cited lack of investment in technology, shortage of technically qualified personnel and business disruptions as reasons for increased risks.